210260 CVE-2008-1080 2008-02-15 17:14 0000 www-client/opera < 9.26 multiple vulnerabilities (CVE-2008-{1080,1081,1082}) 2008-03-04 22:40:00 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/29029/ B3 [glsa] P2 minor --- 1 jer@gentoo.org security@gentoo.org fauli@gentoo.org jer@gentoo.org 2008-02-15 17:14:03 0000 No 9.26 build is available yet, no published vulnerability either, it seems. jer@gentoo.org 2008-02-15 17:15:00 0000 Quote from the URL: "We are also addressing a few security issues; details will be published in due time." fauli@gentoo.org 2008-02-19 19:52:03 0000 File is already available (though not announced) on: ftp://get.opera.com/pub/opera/linux/926/final/ Haven't found a ChangeLog yet, but one could prepare an ebuild jer@gentoo.org 2008-02-20 05:56:07 0000 (In reply to comment #2) > File is already available (though not announced) on: > ftp://get.opera.com/pub/opera/linux/926/final/ Thanks for noticing. > Haven't found a ChangeLog yet, but one could prepare an ebuild Sure I could, put I won't put it in the tree until it's mirrored. jer@gentoo.org 2008-02-20 13:54:50 0000 www-client/opera-9.26 is in the tree. jaervosz@gentoo.org 2008-02-20 13:59:34 0000 Arches please test and mark stable. Target keywords are: opera-9.26.ebuild:KEYWORDS="amd64 ppc sparc x86 ~x86-fbsd" fauli@gentoo.org 2008-02-20 19:07:54 0000 x86 stable armin76@gentoo.org 2008-02-21 12:25:24 0000 sparc stable py@gentoo.org 2008-02-21 21:44:42 0000 details are out, no major issues. dertobi123@gentoo.org 2008-02-22 14:00:45 0000 ppc stable beandog@gentoo.org 2008-02-25 19:39:27 0000 amd64 stable jaervosz@gentoo.org 2008-02-25 20:18:32 0000 This one is ready for GLSA vote. pva@gentoo.org 2008-02-25 20:41:01 0000 Fixed in release snapshot. rbu@gentoo.org 2008-02-25 22:24:07 0000 http://www.opera.com/support/search/view/877/ http://www.opera.com/support/search/view/879/ http://www.opera.com/support/search/view/880/ I'd rather go for a YES here. jaervosz@gentoo.org 2008-02-26 10:02:56 0000 Thx for the info rbu. GLSA request filed. rbu@gentoo.org 2008-03-03 00:01:48 0000 Name: CVE-2008-1080 Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. ====================================================== Name: CVE-2008-1081 Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. ====================================================== Name: CVE-2008-1082 Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. py@gentoo.org 2008-03-04 22:40:00 0000 GLSA 200803-09